VPN Client access restriction

Unanswered Question
Dec 14th, 2007

I want to restrict VPN clients to a few systems. Currently, whoever accesses the office LAN via VPN is able to access every system.

Is there any way to restrict


husycisco Fri, 12/14/2007 - 07:29

Hi Imran

Sure.



group-policy yourexistingvpnpolicynamehere attributes
 vpn-filter value restrictions


Now, if you want to allow specific traffic and deny the rest, use the following:

access-list restrictions extended permit ip yourvpnclientpool yourvpnclientpoolmask host insideclientipz

access-list restrictions extended permit tcp yourvpnclientpool yourvpnclientpoolmask host insideclientipy eq 1433

access-list restrictions extended permit ip yourvpnclientpool yourvpnclientpoolmask host insideclientipx

access-list restrictions extended deny ip any any


If you want to deny specific traffic and permit the rest, use the following

access-list restrictions extended deny ip yourvpnclientpool yourvpnclientpoolmask host insideclientipz

access-list restrictions extended deny tcp yourvpnclientpool yourvpnclientpoolmask host insideclientipy eq 1433

access-list restrictions extended deny ip yourvpnclientpool yourvpnclientpoolmask host insideclientipx

access-list restrictions extended permit ip any any



Regards


husycisco Fri, 12/14/2007 - 07:43

Ah, I was typing the above edited post and you sent the link :)
